How To Protect Your Corporate Website From Cyber Threats

If you dismiss protecting your corporate website from cyber threats as a waste of time, you probably don’t know what such negligence can cost.

Think of a corporate website as a company’s business card that you show to potential customers, investors or business partners. The comparison holds: no one would hand out a card with typos, blurry letters and a smudged inky edge that leaves the client’s fingers dirty. Why, then, do business owners drop from their agenda the risk that visitors to their website may be exposed to cyber threats?

The reason for such information security negligence may be that owners of non-e-commerce websites are unaware of the business risks, despite information security consultants’ attempts to burst this bubble of ignorance. Too often corporate decision-makers believe that their assets are of no interest to cyber criminals. Sometimes, they fail to see any connection between their website security and business success.

The flipside of poor website security

The reasons to take website security protection seriously are many:

Website crash in a ransomware attack. This is the most innocuous, but still harmful, thing that may happen. Cyber-criminals may crash websites just for the sake of it, or encrypt website content and demand a ransom in exchange for the decryption key.

Security risks for other businesses, public and government sites. A compromised website may serve as a platform for attacks on the websites of the company’s business partners. The classic example is the 2013 “watering hole” attack, which involved Facebook, Twitter, Microsoft and Apple. The distinctive feature of this attack is that it targets particular organizations (the 2013 “watering hole” attack targeted a group of mobile app developers). In this sort of attack, the hacker infects with malware websites that are frequently visited by the targeted organizations. Shortly after, some of the visitors from those organizations get infected as well.

Sometimes a small corporate website infected with malware becomes part of a botnet of thousands of computers, which together can be used to attack national infrastructure.

The threat of being blacklisted by Google. This happens when a corporate website becomes part of a botnet or hosts malicious content used, for example, in phishing scams. If blacklisted by Google, one of the top search engines, your website will lose thousands of visitors and, consequently, potential customers.

Reputation damage. This is probably the main reason to protect a corporate website. Often website visitors are more cyber-security-savvy than the website owners. They know that corporate websites are potentially insecure. Once hacked, such a website has a long way to go to restore a clean reputation.

Major website security vulnerabilities

Website security rests on two things, protection of the software and access control, so the major website vulnerabilities are weaknesses in the software and in access control.

Software vulnerabilities

SQL Injection (SQLi)

According to the Open Web Application Security Project (OWASP), SQLi poses a major security threat. It is the type of vulnerability in which attackers supply not the data a website expects but SQL statements, which the website backend passes on to the database, where they are interpreted. Using SQL commands, an attacker crafts strings that can be entered into the URL, search boxes or sign-in forms. SQLi gives a perpetrator access to the website database. This, in turn, opens up further opportunities: to read sensitive data (user names, passwords), to modify the database, and to perform admin-level operations.
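The paragraph above describes the mechanism in words; the following added example (not code from the original article) shows it on an in-memory SQLite database. The same login check is written twice: once by gluing user input into the SQL text, and once with a parameterized query, which is the standard fix. The table, the accounts and the test input are constructed for this demonstration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed demo database: two accounts in an in-memory SQLite table.
    Passwords are stored in clear text only to keep the demo short; a real
    application stores salted hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Builds the statement by string concatenation, so whatever the visitor
    types becomes part of the SQL the database interprets."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(query)]


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Parameterized query: the input is bound as data by the database driver
    and is never parsed as SQL, so quotes and keywords in it stay inert."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


# Constructed input for the demo: a password field containing SQL syntax
# instead of a password.
DEMO_INPUT = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, "alice", DEMO_INPUT))  # every account
    print("safe:      ", login_safe(db, "alice", DEMO_INPUT))        # nothing
    print("safe, real credentials:", login_safe(db, "alice", "s3cret"))
```

With the concatenated query, the database sees `... AND password = '' OR '1'='1'`, which is true for every row, so the check "succeeds" for all accounts; the parameterized version compares the literal text and matches nothing. Parameterization is the fix to apply everywhere the backend talks to the database, not a filter bolted onto input fields.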

Cross-Site Scripting (XSS)

XSS allows an attacker to execute malicious scripts in a victim’s browser. The browser has no way to tell that the script comes from an untrusted source and executes it. This way, the attacker gains access to sensitive information like session cookies, gets the ability to change the content of a webpage, or even infiltrates a victim’s computer and runs malware on it.
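As an added example (not from the original article), here is the core of the defence in Python: a page fragment rendered once without encoding and once with context-appropriate HTML escaping, plus the cookie and Content-Security-Policy headers that limit what an injected script could do with the session the paragraph mentions. The comment text and cookie value are constructed for the demo.

```python
from html import escape
from urllib.parse import quote


def render_comment_vulnerable(comment: str) -> str:
    """Inserts untrusted text straight into the page: any <script> in the
    comment is sent to every visitor's browser and executed there."""
    return '<p class="comment">' + comment + '</p>'


def render_comment_safe(comment: str) -> str:
    """Same page, but the comment is escaped for an HTML element body, so the
    browser renders '<' as text instead of starting a tag."""
    return '<p class="comment">' + escape(comment, quote=True) + '</p>'


def render_profile_link_safe(display_name: str, user_id: str) -> str:
    """Attribute and URL contexts need their own encoding: the attribute is
    quoted and has quotes escaped, the path segment is percent-encoded."""
    return (
        '<a title="' + escape(display_name, quote=True)
        + '" href="/users/' + quote(user_id, safe="") + '">'
        + escape(display_name) + '</a>'
    )


def session_cookie_header(token: str) -> str:
    """Set-Cookie flags that limit the damage of a successful injection:
    HttpOnly keeps document.cookie from reading the session, Secure restricts
    it to HTTPS, SameSite=Lax stops most cross-site sends."""
    return "session=" + token + "; HttpOnly; Secure; SameSite=Lax; Path=/"


def csp_header() -> str:
    """A strict-by-default Content-Security-Policy: only scripts served from
    the site's own origin may run, so inline injected script is blocked."""
    return "default-src 'self'; script-src 'self'; object-src 'none'"


# Constructed comment containing markup, as a hostile visitor might submit.
DEMO_COMMENT = "<script>doSomething()</script>"

if __name__ == "__main__":
    print(render_comment_vulnerable(DEMO_COMMENT))
    print(render_comment_safe(DEMO_COMMENT))
    print(render_profile_link_safe('Bob "the" Builder', "bob 1"))
    print(session_cookie_header("constructed-token"))
```

Output encoding has to match the context (element body, attribute, URL, JavaScript string); `escape` alone is only correct for the first two. The cookie flags and CSP are defence in depth: they do not remove the bug, but they take away the most valuable things an injected script would reach for.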

Inclusion vulnerabilities

There are two types of inclusion vulnerabilities: Local File Inclusion (LFI) and Remote File Inclusion (RFI). LFI means that an attacker gets the web application to include and execute a malicious script located on the victim’s server itself (for example, one they previously uploaded). RFI allows an attacker to make the web server include a remotely hosted file. LFI and RFI enable cyber-criminals to gain unauthorized access to sensitive data and disclose it, or to execute malicious code on the target server.
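Both flaws come from letting a request parameter choose which file the application includes. The added example below (not code from the original article) shows the checks a page-include routine needs: refuse anything that looks like a URL (RFI), then canonicalize the path and verify it still lies inside the template directory (LFI and path traversal). The template directory and request values are constructed inside `run_demo`; the `.html`-only rule is an assumption for this demo.

```python
import tempfile
from pathlib import Path
from urllib.parse import urlparse


class IncludeError(ValueError):
    """Raised when a requested include is refused."""


def resolve_include(base_dir: str, requested: str) -> Path:
    """Map a request parameter to a file that may be included.

    1. Anything with a URL scheme or host is a remote include: refuse it.
    2. Join to the template directory and resolve symlinks and '..'.
    3. Refuse the result unless it is still inside the template directory.
    4. Only allow the expected file type and only existing regular files.
    """
    parsed = urlparse(requested)
    if parsed.scheme or parsed.netloc:
        raise IncludeError("remote includes are not allowed")

    base = Path(base_dir).resolve()
    # Path joining discards `base` if `requested` is absolute; the containment
    # check below catches that case as well as '../' traversal.
    target = (base / requested).resolve()
    if target != base and base not in target.parents:
        raise IncludeError("path escapes the template directory")
    if target.suffix != ".html":  # assumption: templates are .html files
        raise IncludeError("unexpected file type")
    if not target.is_file():
        raise IncludeError("no such template")
    return target


def include_is_allowed(base_dir: str, requested: str) -> bool:
    """Boolean wrapper for logging or tests."""
    try:
        resolve_include(base_dir, requested)
        return True
    except IncludeError:
        return False


def run_demo() -> dict:
    """Builds a throwaway template directory with one page and tries a set of
    constructed request values against it."""
    base = tempfile.mkdtemp(prefix="templates-")
    (Path(base) / "about.html").write_text("<h1>About us</h1>")
    requests = [
        "about.html",                        # legitimate page
        "../../etc/passwd",                  # traversal out of the directory
        "/etc/passwd",                       # absolute path
        "about.html/../../../etc/passwd",    # traversal through a valid name
        "http://remote.example/page.txt",    # remote include (constructed host)
        "missing.html",                      # inside the directory but absent
    ]
    return {req: include_is_allowed(base, req) for req in requests}


if __name__ == "__main__":
    for req, allowed in run_demo().items():
        print(f"{'allow' if allowed else 'deny '}  {req}")
```

A stricter design replaces the path logic with a fixed allowlist of page names mapped to files, so the request never names a path at all; the containment check above is the fallback for applications that cannot be restructured that way.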

Access control vulnerability

Administrative interfaces on corporate websites and web content management systems (WCMS) are prime targets for brute force attacks. In this case, an attacker gains unauthorized access to a website by repeatedly trying different passwords. Once logged in, a cyber-criminal will be able to view, change or delete the content and perform administrative functions.

Website protection tips

The security of your corporate website signals to customers that your company is reliable. Build it using the following website protection tips.

Enforce access control

This is the number-one best practice. It means setting requirements for strong passwords and limiting both the time allowed for authorization and the number of login attempts.
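The brute force attack described under "Access control vulnerability" and the three controls named here (password strength, attempt limits, time limits) fit in one small login routine. The following is an added example, not the article's or any product's code: a password policy check, salted PBKDF2 storage, and a sliding-window attempt counter that locks the account for a cool-down period. The thresholds are assumptions chosen for the demo; `demo_lockout` walks through a constructed timeline.

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict, deque

MAX_FAILURES = 5          # failed attempts tolerated within WINDOW_SECONDS
WINDOW_SECONDS = 300      # sliding window in which failures are counted
LOCKOUT_SECONDS = 900     # how long the account stays locked afterwards
PBKDF2_ROUNDS = 200_000   # slows offline guessing if the hashes ever leak


def password_meets_policy(password: str) -> bool:
    """Minimal strength rule: length plus lower, upper and digit classes."""
    return (len(password) >= 12
            and re.search(r"[a-z]", password) is not None
            and re.search(r"[A-Z]", password) is not None
            and re.search(r"\d", password) is not None)


def make_password_record(password: str) -> tuple:
    """Stores a per-user salt and a PBKDF2 hash, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: str, record: tuple) -> bool:
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)   # constant-time compare


class LoginGuard:
    """Counts failures per account in a sliding window and enforces a lockout."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS,
                 lockout=LOCKOUT_SECONDS):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self._failures = defaultdict(deque)   # account -> failure timestamps
        self._locked_until = {}               # account -> unlock time

    def is_locked(self, account: str, now: float) -> bool:
        return self._locked_until.get(account, 0) > now

    def record_failure(self, account: str, now: float) -> None:
        recent = self._failures[account]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._locked_until[account] = now + self.lockout
            recent.clear()

    def record_success(self, account: str) -> None:
        self._failures.pop(account, None)
        self._locked_until.pop(account, None)


def attempt_login(guard: LoginGuard, accounts: dict, account: str,
                  password: str, now: float) -> str:
    """Returns 'locked', 'ok' or 'denied'. Unknown accounts are counted like
    wrong passwords so the response does not reveal which names exist."""
    if guard.is_locked(account, now):
        return "locked"
    record = accounts.get(account)
    if record is not None and verify_password(password, record):
        guard.record_success(account)
        return "ok"
    guard.record_failure(account, now)
    return "denied"


def demo_lockout() -> list:
    """Constructed timeline: three wrong guesses, the right password while the
    lock is active, then the right password after the lock expires."""
    accounts = {"admin": make_password_record("Correct-Horse-9-Battery")}
    guard = LoginGuard(max_failures=3, window=60, lockout=120)
    timeline = [(0, "wrong-1"), (1, "wrong-2"), (2, "wrong-3"),
                (3, "Correct-Horse-9-Battery"), (130, "Correct-Horse-9-Battery")]
    return [attempt_login(guard, accounts, "admin", pw, t) for t, pw in timeline]


if __name__ == "__main__":
    print(demo_lockout())   # ['denied', 'denied', 'denied', 'locked', 'ok']
```

Note that the lock is keyed by account name; in production you also throttle by source address and alert on lockouts, since a burst of them across many accounts is itself a signal worth sending to the SIEM.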

Keep it updated

To prevent break-ins, monitor for the latest patches to your web applications and keep them constantly updated. Updates are primarily intended to mitigate SQLi and XSS attacks, as both are script-based.

Employ penetration testing

This method is a form of so-called ethical hacking and helps to find vulnerabilities before a potential attacker can exploit them. It is a compulsory element of any website security maintenance schedule and should be performed at least once a year.

Fine-tune your SIEM system

A properly fine-tuned SIEM system is a powerful security tool that offers a number of ways to monitor and enhance the security of your corporate website, something that out-of-the-box SIEM tools can’t provide. Usually a corporate website is hosted in a cloud while the SIEM system is installed as on-premises software. In this case, a VPN channel has to be established between the cloud and the SIEM (for example, QRadar) solution. Here are 5 must-haves in a SIEM system implementation:

Scan your website for vulnerabilities using external web services. This is the way to mimic an attacker’s scanning activity. To do this, the SIEM solution should have vulnerability scanners that scan websites from the cloud.

Collect logs from the operating system. When attackers hack a website, they may gain OS-level access as well. By monitoring OS logs, the SIEM system can detect suspicious activity on the server and in the network.

Monitor DMZ traffic. The DMZ (demilitarized zone) is where all web servers are placed; it is a buffer zone between the corporate network and the Internet. Every DMZ element that produces logs can be monitored by the SIEM system. If cyber-criminals manage to compromise a corporate website, they will try to move on into the corporate network.

In addition to the tips listed above, don’t neglect the following ones:

Use SSL

The Secure Sockets Layer (SSL) cryptographic protocol secures communication between a web browser and a web server with encryption. As a result, the site’s address changes from HTTP to HTTPS.
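Turning on a certificate is only half of the "HTTP becomes HTTPS" step; the server must also send plain-HTTP visitors to the HTTPS address and tell browsers to stay there. The added example below (not code from the article) is a small WSGI middleware that does both: it answers any non-HTTPS request with a redirect to the same path over HTTPS and adds a Strict-Transport-Security header to HTTPS responses. Trusting the `X-Forwarded-Proto` header is an assumption that only holds when a known TLS-terminating proxy sits in front of the application.

```python
from urllib.parse import quote

HSTS_VALUE = "max-age=31536000; includeSubDomains"   # one year, all subdomains


def _is_https(environ: dict) -> bool:
    if environ.get("wsgi.url_scheme") == "https":
        return True
    # Assumption: a trusted reverse proxy terminates TLS and sets this header.
    # Without such a proxy this line must be removed, or clients could forge it.
    return environ.get("HTTP_X_FORWARDED_PROTO", "").lower() == "https"


def https_only(app):
    """Wrap a WSGI app: redirect plain HTTP to HTTPS, add HSTS on HTTPS."""
    def middleware(environ, start_response):
        if not _is_https(environ):
            host = environ.get("HTTP_HOST") or environ["SERVER_NAME"]
            location = "https://" + host + quote(environ.get("PATH_INFO") or "/")
            if environ.get("QUERY_STRING"):
                location += "?" + environ["QUERY_STRING"]
            start_response("301 Moved Permanently",
                           [("Location", location), ("Content-Length", "0")])
            return [b""]

        def start_with_hsts(status, headers, exc_info=None):
            # HSTS is only meaningful on responses that already came over HTTPS.
            headers = list(headers) + [("Strict-Transport-Security", HSTS_VALUE)]
            return start_response(status, headers, exc_info)

        return app(environ, start_with_hsts)
    return middleware


def hello_app(environ, start_response):
    """Stand-in for the real website."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello"]


def call(app, environ: dict) -> tuple:
    """Minimal WSGI driver so the middleware can be exercised without a server;
    returns (status, headers dict, body bytes)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = dict(headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


# Constructed requests: one over plain HTTP, one over HTTPS.
HTTP_REQUEST = {"wsgi.url_scheme": "http", "HTTP_HOST": "www.example.com",
                "PATH_INFO": "/about", "QUERY_STRING": "lang=en"}
HTTPS_REQUEST = {"wsgi.url_scheme": "https", "HTTP_HOST": "www.example.com",
                 "PATH_INFO": "/about", "QUERY_STRING": ""}

if __name__ == "__main__":
    site = https_only(hello_app)
    print(call(site, HTTP_REQUEST))    # 301 to https://www.example.com/about?lang=en
    print(call(site, HTTPS_REQUEST))   # 200 with Strict-Transport-Security
```

The redirect is the user-facing half; HSTS is what stops a later plain-HTTP link or typed address from ever leaving the browser unencrypted. Web servers such as nginx or Apache can do the same with two configuration lines, but the logic is the same as shown here.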

Schedule backups

Back up your entire website’s data on a monthly, weekly or daily basis. The backup schedule should be chosen based on the size of the stored data, how often it is updated and the daily website traffic. You can back up your website data manually to a separate local computer or to a cloud. Another option is to employ automated backup solutions, such as Backup Machine, Codeguard and Dropmysite.

Don’t miss anything

Remember: if your website brings value to you and is of interest to your customers, hackers will also find something there to line their pockets. All an attacker needs to compromise a website is a single vulnerability. Therefore, it’s important to use every protection method listed above.

About Dmitry Nikolaenya

SIEM department coordinator with more than 10 years of experience in delivering SIEM solutions for customers in healthcare, banking, financial services, telecommunications and public sector. Today Dmitry is actively working with IBM QRadar, the world’s leading security intelligence platform. As a SIEM expert, Dmitry has also participated in the creation of IBM Security QRadar SIEM tests, a part of IBM Professional Certification Program.